How to block and unblock IP addresses in CentOS

Source: Internet
Author: User

How to block and unblock IP addresses in Linux

Recently the server's memory resources were being heavily consumed. After checking the logs, it turned out that the VPN password was under a brute-force cracking attack. For now the IP range is blocked; the method is described below.

Here is the IP address used to crack the VPN: 118.249.110.115, in Changsha, Hunan province. The attempts against my passwords use only digits and letters.

Mar 11 14:53:52 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:53:57 My Server03 pure-ftpd: (?@118.249.110.115) [WARNING] user [126cm123456] Verification failed
Mar 11 14:53:57 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] logout.
Mar 11 14:54:06 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:54:09 My Server03 pure-ftpd: (?@118.249.110.115) [WARNING] user [126cm2009] failed to verify
Mar 11 14:54:09 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] logout.
Mar 11 14:54:24 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:54:29 My Server03 pure-ftpd: (?@118.249.110.115) [WARNING] user [126cm2010] Verification failed
Mar 11 14:54:29 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] logout.
Mar 11 14:54:44 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:54:49 My Server03 pure-ftpd: (?@118.249.110.115) [WARNING] user [126cm2011] failed to verify
Mar 11 14:54:50 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] logout.
Mar 11 14:55:20 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:55:25 My Server03 pure-ftpd: (?@118.249.110.115) [WARNING] user [126cm2012] failed to verify
Mar 11 14:55:25 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] logout.
Mar 11 14:56:08 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:56:12 My Server03 pure-ftpd: (?@118.249.110.115) [WARNING] user [126cm2013] Verification failed
Mar 11 14:56:12 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] logout.
Mar 11 14:56:36 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:56:41 My Server03 pure-ftpd: (?@118.249.110.115) [WARNING] user [126cm2014] Verification failed
Mar 11 14:56:42 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] logout.
Mar 11 14:57:04 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:57:08 My Server03 pure-ftpd: (?@118.249.110.115) [WARNING] user [126cm666] failed to verify
Mar 11 14:57:08 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] logout.
Mar 11 14:57:24 My Server03 pure-ftpd: (?@118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:57:28 My Server03 pure-ftpd: (?@118.249.110.115) [WARNING] user [126cm888] Verification failed

The method is as follows:

When a Linux server is attacked, most of the traffic often comes from a few IP addresses. If traffic from those addresses is rejected, the load on the server drops considerably and the server may recover to normal.

In Linux you can block an IP range or a single IP address. In general, today's attackers do not attack from addresses inside one range (too conspicuous); the addresses are usually scattered. The commands for blocking and unblocking a single IP address are described below.

In Linux, iptables is used to maintain the IP rule table. To block or unblock an IP address, you edit the inbound rules in that table.

To block an IP address, run the following command:

# iptables -I INPUT -s ***.***.***.*** -j DROP

To unblock an IP address, run the following command:

# iptables -D INPUT -s ***.***.***.*** -j DROP

The -I parameter means Insert (add), and the -D parameter means Delete. What follows the parameter is the rule: INPUT means inbound traffic, ***.***.***.*** is the IP address to be blocked, and DROP means the connection is dropped.

In addition, you can use the following command to view the current IP rule table:

# iptables --list

For example, if you want to block the IP address 118.249.110.115, enter:

# iptables -I INPUT -s 118.249.110.115 -j DROP

To unblock it, replace -I with -D, provided that iptables already has this rule. To clear the blocked IP addresses (this flushes every rule in the table), enter:

# iptables --flush

To add an IP range to the block list, run the following command:

# iptables -I INPUT -s 121.0.0.0/8 -j DROP

In effect, the single IP address is replaced by a Linux IP range (CIDR) expression. There are plenty of detailed explanations of IP range expressions on the Internet, so I won't go into them here.
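The -I and -D commands above can be wrapped so that a block is never inserted twice and an unblock removes every copy of the rule. This is an added example, not part of the original article; the function names are illustrative, and it assumes an iptables version that supports -C (--check).

```shell
#!/bin/sh
# Added example: idempotent wrappers around the article's -I / -D commands.
# Function names are illustrative. block_ip/unblock_ip need root and an
# iptables that supports -C (--check); that is an assumption.

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
NL='
'

# valid_source ADDR: accept only dotted-quad IPv4 with an optional /0-32 prefix,
# so nothing else is ever passed to iptables.
valid_source() {
    case $1 in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "^($OCTET\.){3}$OCTET(/(3[0-2]|[12]?[0-9]))?\$"
}

# block_ip ADDR: insert the DROP rule unless it is already present, so repeated
# calls do not stack duplicate rules.
block_ip() {
    valid_source "$1" || { echo "invalid address: $1" >&2; return 2; }
    iptables -C INPUT -s "$1" -j DROP 2>/dev/null && return 0
    iptables -I INPUT -s "$1" -j DROP
}

# unblock_ip ADDR: -D removes one matching rule per call, so loop until -C
# reports that no copy is left.
unblock_ip() {
    valid_source "$1" || { echo "invalid address: $1" >&2; return 2; }
    while iptables -C INPUT -s "$1" -j DROP 2>/dev/null; do
        iptables -D INPUT -s "$1" -j DROP || return 1
    done
}

# Safe demonstration: only the validator runs here (addresses are constructed).
for a in 203.0.113.7 198.51.100.0/24 300.1.1.1 10.0.0.1/33; do
    valid_source "$a" && echo "ok  $a" || echo "bad $a"
done
```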

I believe that with the help of iptables, it is easy to solve small DDoS attacks!
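To find which addresses to block from a log like the one above, the failures can be counted per source address. The script below is an added example, not part of the original article: its sample lines are constructed, use documentation addresses, and assume pure-ftpd's untranslated "Authentication failed for user" wording.

```shell
#!/bin/sh
# Added example: count pure-ftpd authentication failures per source address and
# print (not run) the matching iptables block commands for review.
# SAMPLE_LOG is constructed; hostnames, users and addresses are not from the article.
SAMPLE_LOG='Mar 11 14:53:52 ftp01 pure-ftpd: (?@203.0.113.7) [INFO] New connection from 203.0.113.7
Mar 11 14:53:57 ftp01 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [web2009]
Mar 11 14:54:09 ftp01 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [web2010]
Mar 11 14:54:29 ftp01 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [web2011]
Mar 11 14:55:02 ftp01 pure-ftpd: (?@198.51.100.9) [WARNING] Authentication failed for user [alice]
Mar 11 14:55:10 ftp01 pure-ftpd: (alice@198.51.100.9) [INFO] alice is now logged in'

# failed_ips MIN: read syslog lines on stdin and print "count ip" for every
# source with at least MIN failures, highest count first. A threshold above 1
# keeps a legitimate user with a single typo off the list.
failed_ips() {
    awk -v min="$1" '
        /pure-ftpd/ && /\[WARNING\] Authentication failed/ {
            # The source address sits between "@" and ")" in "(?@a.b.c.d)".
            if (match($0, /@[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)/)) {
                ip = substr($0, RSTART + 1, RLENGTH - 2)
                n[ip]++
            }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# block_commands MIN: turn the offenders into iptables commands. Nothing is
# executed; the operator checks the list before pasting it into a root shell.
block_commands() {
    failed_ips "$1" | while read -r count ip; do
        printf 'iptables -I INPUT -s %s -j DROP  # %s failures\n' "$ip" "$count"
    done
}

printf '%s\n' "$SAMPLE_LOG" | block_commands 3
```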

Additional commands: disabling ping, changing the port, and disabling the root user.

1. Make the system ignore ping

[root@linu*** ~]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all


2. Make the system answer ping

[root@linu*** ~]# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Both commands take effect immediately. You can ping the server from another machine to test whether the setting has taken effect.

Add the line echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all to /etc/rc.d/rc.local so that it is applied at boot.

0 means ping is allowed
1 means ping is prohibited
